More than a year ago, we introduced a feature in the Cisco.com download flow that allows you to download multiple images at once, which are stored in a cart.  This feature was created at the request of customers and partners, some 42% of whom told us they really needed multi-file downloads.  At the time, the cart feature only used Java, which was a challenge for some users. But back in October we introduced a “non-Java” setting for the cart.  Even though this has been active for a few months, I thought I would point it out in case you haven’t noticed it yet.

Here’s how it works.  If you want a simple list – rather than the Java-based Download Manager – just look for the “Non Java Download” option when you get to the download cart screen:

If you select this as your default, you’ll see the following screen instead of the download manager.  No Java needed. This is all customizable by you!

We’re continuing to work on the download flows in order to support a wide range of download scenarios. I know the Cisco.com download team would like to hear from you about specific needs you have around the download experience, and if you leave a (polite, honest and thoughtful) comment here they will read your comments and can follow up with your directly.

P.S. Just so you don’t complain that I’m a complete Java-hater of some kind, here is my coffee cup

Tags: download, java, webexperience

The last two years seem dominated by PDF vulnerabilities. As far as the specification and its various readers are concerned, there is likely more sour fruit yet to be uncovered; it’s simply too complex and full of dangerous “features.” But a few blogs have recently hinted that there may be a new vector emerging with surprising popularity. Brian Krebs suggests that exploit crimeware packages have begun reporting significant success rates with Java exploits; data collected by the Microsoft Malware Protection Center (MMPC) seems to agree. After taking a look at what Cisco ScanSafe had to share on the topic, it seems clear that the threat landscape appears to be shifting under our noses.

Read More »

Tags: java, ScanSafe, security

Before we begin part 3 in this series, let’s review what we’ve covered so far. In the first post we learned how this bot was discovered and some basics about botnets. In the second post we covered botnet fundamentals like command and control (C&C) and various other capabilities. In this post we will examine some of the offensive features incorporated into a botnet designed to launch attacks and maintain control of hosts (aka victims). First we will discuss how botnets spread and then we will look at flooding and how it’s implemented in this bot.

There are two main ways malware spreads. It’s important to note that these two methods are not mutually exclusive. The first method, made famous by the Morris worm, involves targeting a network-based vulnerability; the author designs an exploit to spread his malware. Once the malware takes over a machine it then infects other machines. Every time the binary moves from one machine to another the botnet has the potential to see exponential growth. Most vulnerabilities only affect a specific operating system at a specific range of patch levels. Malware of this nature often hits big and then its growth rate takes a steep dive as patches become available and as malware is removed. Once the vulnerability is patched, the malware must adapt or accept a shrinking attack surface. Two recent examples of this method are Conficker and Slammer. It is important to note the distinction between the growth rate slowing down and the number of compromised machines. There are still countless machines connected to the Internet running both worms. Even as the growth rate approaches zero, many, many computers have already been infected and continue to run the malware. In two days time on a single Intrusion Prevention System (IPS) we saw over 178,000 slammer attacks.

An attacker simply needs to trick an unsuspecting user into running a binary that is under the control of the attacker. This attack vector is known as a trojan horse. A malware author would package his wares as a link from a friend, a new game of interest, or even a program to create keys for pirated software, etc.

Read More »

Tags: botnet, java, malware, security, security research